On 04/09/2013 06:36 AM, Christian Boltz wrote: > Hello, > > Am Montag, 8. April 2013 schrieb Jamie Strandboge: >> Recent kernels/glibc also now trigger reads for >> /proc/sys/vm/overcommit_memory. This is explained in both malloc(3) >> and proc(5). Basically, there are different memory allocation >> strategies and /proc/sys/vm/overcommit_memory contains the 'virtual >> memory accounting' mode. The update for the base abstraction gives >> read access to this file. > > To make the collection complete: > Acked-By: Christian Boltz <[email protected]> > > Please also backport both patches to the 2.8 branch. > Acked-By: Jamie Strandboge <[email protected]>
>
> As a side effect of the abstractions/base patch, we should also clean up
> the usr.sbin.nscd profile (which includes abstractions/base):
>
> === modified file 'profiles/apparmor.d/usr.sbin.nscd'
> --- profiles/apparmor.d/usr.sbin.nscd 2013-03-05 21:11:59 +0000
> +++ profiles/apparmor.d/usr.sbin.nscd 2013-04-09 11:29:38 +0000
> @@ -42,7 +42,6 @@
> @{PROC}/@{pid}/maps r,
> @{PROC}/@{pid}/mounts r,
> @{PROC}/filesystems r,
> - @{PROC}/sys/vm/overcommit_memory r,
>
> # Site-specific additions and overrides. See local/README for details.
> #include <local/usr.sbin.nscd>
>
> To avoid trouble with *.rpmnew files etc., this small patch shouldn't be
> backported to 2.8.
>
Acked-By: Jamie Strandboge <[email protected]>
--
Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
